CVE-2018-10468

2018-04-28T09:29:00

ID CVE-2018-10468Type cveReporter NVDModified 2018-06-12T14:32:17

Description

The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the "transferFlaw" issue.

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2018

{"seebug": [{"lastseen": "2018-06-26T22:17:21", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "description": "Our automated scanning system at PeckShield discovered a new vulnerability named transferFlaw (CVE-2018\u201310468). This particular vulnerability affects a publicly traded ERC20 token listed in a top exchange. Different from batchOverflow [1] and proxyOverflow [2] we identified before, this vulnerability does not lead to generating countless tokens. Instead, this one, when exploited, can be used by attackers to steal others\u2019 tokens.\r\n\r\nOur in-depth code analysis further indicates that it is probably a scam token. We have promptly notified affected exchanges to delist the related token. Note that the token has been publicly tradable for about 10 months even though at a relatively low trade volume, we believe it poses a realistic threat to legitimate users and cryptocurrency market as a whole.\r\n\r\n### Details\r\nWe have analyzed a number of related smart contracts. In the following, we show the vulnerable transferFrom() function.\r\n\r\n![](https://images.seebug.org/1527734240412-w331s)\r\n\r\nFigure 1: A transferFlaw-affected Smart Contract\r\n\r\n\r\n\r\nIn order to understand the vulnerability, let\u2019s suppose that a victim user _to currently has a balances[_to]=1 and the attacker _from has no balance yet (i.e., balances[_from]=0). When the attacker sends a transaction invoking the vulnerable function with argument `_value=0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff` (64 f\u2019s),\r\n```\r\ntransferFrom(_from, _to, 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff)\r\n```\r\n\r\nthe execution proceeds as follows:\r\n```\r\nline 53) fromBalance=0,\r\nline 54) allowance=0,\r\nline 56) sufficientFunds=TRUE,\r\nline 57) sufficientAllowance=TRUE,\r\nline 58) overflowed=FALSE.\r\n```\r\n\r\nFinally, the condition in line 60 will be evaluated TRUE:\r\n```\r\nline 60) (sufficientFunds && sufficientAllowance && !overflowed) = TRUE\r\n```\r\n\r\nWith that, the code in line 61 makes balances[_to] =0, and the code in line 62 changes balances[_from] to 1. In other words, the balances of victim \u201c_to\u201d has been transferred to the attacker \u201c_from\u201d.\r\n\r\n### Affected Tokens\r\nWhile scanning through our collection of smart contracts that are deployed in mainnet, we have found tens of them affected by transferFlaw. Among them, a token named UET caught our attention as it is currently tradable in a top exchange, i.e., hitBTC.\r\n\r\nEven worse,our analysis also shows that this vulnerability has been already exploited in the wild since 2017/12/23 in multiple transactions. In Figure 2, we show a recent one:\r\n\r\n![](https://images.seebug.org/1527734301602-w331s)\r\n\r\nFigure 2: A Suspicious UET Token Transfer (with huge amount)\r\n\r\n\r\n\r\nUpon the detection of in-the-wild exploitation, we have immediately notified hitBTC with the vulnerability details. Fortunately, hitBTC quickly gets back to us and we will work together to get the problem solved.\r\n\r\nIn the meantime, to better protect legitimate users, we feel necessary to make it known to public. Moreover, while performing an in-depth investigation of the smart contract, we made an interesting observation that makes us to consider this vulnerability might be intentionally planted. Specificially, let\u2019s take a closer look at the transfer() function right above the vulnerable transferFrom() function.\r\n\r\n![](https://images.seebug.org/1527734313253-w331s)\r\n\r\nFigure 3: transfer() of UET Token Contract\r\n\r\n\r\n\r\nIf we compare the code in lines 35-36 (sufficientFunds and overflowed) in figure 3 with the counterparts in figure 1, it is quite ludicrous as the vulnerability could be eliminated by a simple copy-and-paste action in consideration of their similar functionality. From the typical programming practice perspective, it is an extremely unusual behavior!\r\n\r\n### Conclusion\r\nThe recent flurry of smart contract vulnerabilities (i.e., batchOverflow [1], proxyOverflow [2], and now transferFlaw) reminds us the importance of auditing smart contracts before their deployment. Also, since some affected tokens are publicly traded in a variety of exchanges, we believe exchanges need to step up by requiring high-quality (or even publicly verifiable) smart contract audits before allowing related tokens to be listed for trading.\r\n\r\nIn addition, exchanges also share the responsibility of establishing a transparent, reliable security response process that not only serves their best interests (in providing safe and reliable trading services to their own customers), but also helps improve the community as a whole.", "reporter": "My Seebug", "published": "2018-05-31T00:00:00", "type": "seebug", "title": "New transferFlaw Bug Used For Possible Scam Token Listed In A Top Exchange(CVE-2018-10468)", "enchantments": {"score": {"modified": "2018-06-26T22:17:21", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2018-10468"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2018-05-31T00:00:00", "id": "SSV:97318", "href": "https://www.seebug.org/vuldb/ssvid-97318", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "", "status": "cve,details"}]}